<?php
/* 
 * Amnesia is Copyright (c) 2010 Mark Russell
 * 
 * Contact: info@amnesia-app.com	
 * 
 * This file is part of Amnesia.
 * 
 * Amnesia is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * 
 * Amnesia is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with Amnesia. If not, see <http://www.gnu.org/licenses/>.
 *
 */

$user_name = "";

/**
 * Checks whether or not the given username is in the
 * database, if so it checks if the given password is
 * the same password in the database for that user.
 * If the user doesn't exist or if the passwords don't
 * match up, it returns an error code (1 or 2). 
 * On success it returns 0.
 */
function confirmUser($username, $password){
   global $con;
   /* Add slashes if necessary (for query) */
   if(!get_magic_quotes_gpc()) {
	$username = addslashes($username);
   }

   /* Verify that user is in database */
   $q = "select password from user where username = '$username'";
   $result = mysql_query($q,$con);
   if(!$result || (mysql_numrows($result) < 1)){
      return 1; //Indicates username failure
   }

   /* Retrieve password from result, strip slashes */
   $dbarray = mysql_fetch_array($result);
   $dbarray['password']  = stripslashes($dbarray['password']);
   $password = stripslashes($password);

   /* Validate that password is correct */
   if($password == $dbarray['password']){
      return 0; //Success! Username and password confirmed
   }
   else{
      return 2; //Indicates password failure
   }
}

/**
 * checkLogin - Checks if the user has already previously
 * logged in, and a session with the user has already been
 * established. Also checks to see if user has been remembered.
 * If so, the database is queried to make sure of the user's 
 * authenticity. Returns true if the user has logged in.
 */
function checkLogin(){
   /* Check if user has been remembered */
   if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
      $_SESSION['username'] = $_COOKIE['cookname'];
      $_SESSION['password'] = $_COOKIE['cookpass'];
   }

   /* Username and password have been set */
   if(isset($_SESSION['username']) && isset($_SESSION['password'])){
      /* Confirm that username and password are valid */
      if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){
         /* Variables are incorrect, user not logged in */
         unset($_SESSION['username']);
         unset($_SESSION['password']);
         return false;
      }
      return true;
   }
   /* User not logged in */
   else{
      return false;
   }
}

/**
 * Determines whether or not to display the login
 * form or to show the user that he is logged in
 * based on if the session variables are set.
 */
 
// Logged in page redirect
 
function displayLogin(){
   global $logged_in;
   if($logged_in){
       echo '<meta http-equiv="Refresh" Content="0; URL=secure/">';
   }
   else{
?>
<form id="login_form" name="login_form" action="" method="post">
<?
	if(isset($_SESSION['reguname']))
		echo "<label class=\"login_label\" for=\"user\">Email address:</label><input class=\"login_input\" id=\"user\" type=\"text\" name=\"user\" maxlength=\"30\" value=\"" . $_SESSION['reguname'] . "\">";
	else
		echo "<label class=\"login_label\" for=\"user\">Email address:</label><input class=\"login_input\" id=\"user\" type=\"text\" name=\"user\" maxlength=\"30\" value=\"" . $_POST['user'] . "\">";
?>
	<div class="clear"></div>
	<label class="login_label" for="pass">Password:</label>
	<input class="login_input" id="pass" type="password" name="pass" maxlength="30" value="<? echo $_POST['pass'] ?>">
	<div class="clear"></div>
	<div id="login_checkbox_container">
		<input id="login_checkbox" type="checkbox" name="remember"> Remember me next time
	</div>
	<input type="hidden" name="sublogin" value="sublogin"/>
	<input id="login_button" id="login_button" type="image" src="img/buttons/sign-in_link.png" name="submit" value="submit">
	<div class="rule"></div>
	<div id="login_register_link">
		<img src="img/core/arrow_small_dark.png" alt="arrow_small_dark" width="4" height="7"/> <a class="login_text_link" href="login/register.php">Register for a new account</a>
	</div>
</form>

<?
   }
}

/**
 * Checks to see if the user has submitted his
 * username and password through the login form,
 * if so, checks authenticity in database and
 * creates session.
 */
if(isset($_POST['sublogin'])){
   /* Check that all fields were typed in */
   if(!$_POST['user'] || !$_POST['pass']){
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
	<title>Amnesia. Feel free to forget.</title>
	<link rel="stylesheet" href="css/amnesia.css" type="text/css" media="screen" />
	<script type="text/javascript" src="lib/jquery.js"></script>
	<script type="text/javascript" src="login/login.js"></script>
</head>
<body>
	<div id="main">
		<div id="container">
			<div id="left_retainer"></div>
			<div id="col1">
				<img src="img/core/amnesia_logo.jpg" alt="Amnesia. Feel free to forget" width="187" height="184"/>
				<div id="login_status_locked">
					<strong>Amnesia is locked</strong><br/>Please sign-in
				</div>
			</div>
			
			<!-- Locked single column -->
			<div id="col_container_locked">
				<div id="status_locked">
					<div id="status_left"></div>
					<div id="status_right">
						<div id="amnesia_locked">Amnesia is locked and nobody is signed-in<img class="status_icn" src="img/core/lock_icon.png" alt="lock_icon" width="9" height="12"/></div>
						<div class="loading" style="display: none;"><span>Loading </span><img class="status_icn" src="img/core/loading.gif" alt="loading" width="14" height="14"/></div>
					</div>
				</div>
				<div id="login">
					<div id="login_contents">
						<p id="key_message">Please sign-in</p>
						<div id="login_error">
							<strong>Sorry!</strong><br/>You've not entered your email address or password.
						</div>
						<? displayLogin(); ?>
					</div>
				</div>
			</div>
			<div class="clear_top_pad"></div>
		</div>
	</div>
</body>
</html>
<?
      die();
   }
   /* Spruce up username, check length */
   $_POST['user'] = trim($_POST['user']);
   if(strlen($_POST['user']) > 30){
   
	  // This should never occur.
      die("Sorry, the username is longer than 30 characters, please shorten it.");
   }

   /* Checks that username is in database and password is correct */
   $md5pass = md5($_POST['pass']);
   $result = confirmUser($_POST['user'], $md5pass);

   /* Check error codes */
   if($result == 1){
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
	<title>Amnesia. Feel free to forget.</title>
	<link rel="stylesheet" href="css/amnesia.css" type="text/css" media="screen" />
	<script type="text/javascript" src="lib/jquery.js"></script>
	<script type="text/javascript" src="login/login.js"></script>
</head>
<body>
	<div id="main">
		<div id="container">
			<div id="left_retainer"></div>
			<div id="col1">
				<img src="img/core/amnesia_logo.jpg" alt="Amnesia. Feel free to forget" width="187" height="184"/>
				<div id="login_status_locked">
					<strong>Amnesia is locked</strong><br/>Please sign-in
				</div>
			</div>
			
			<!-- Locked single column -->
			<div id="col_container_locked">
				<div id="status_locked">
					<div id="status_left"></div>
					<div id="status_right">
						<div id="amnesia_locked">Amnesia is locked and nobody is signed-in<img class="status_icn" src="img/core/lock_icon.png" alt="lock_icon" width="9" height="12"/></div>
						<div class="loading" style="display: none;"><span>Loading </span><img class="status_icn" src="img/core/loading.gif" alt="loading" width="14" height="14"/></div>
					</div>
				</div>
				<div id="login">
					<div id="login_contents">
						<p id="key_message">Please sign-in</p>
						<div id="login_error">
							<strong>Sorry!</strong><br/>That email address isn't registered on the system.
						</div>
						<? displayLogin(); ?>
					</div>
				</div>
			</div>
			<div class="clear_top_pad"></div>
		</div>
	</div>
</body>
</html> 
<?   
      die();
   }
   else if($result == 2){
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
	<title>Amnesia. Feel free to forget.</title>
	<link rel="stylesheet" href="css/amnesia.css" type="text/css" media="screen" />
	<script type="text/javascript" src="lib/jquery.js"></script>
	<script type="text/javascript" src="login/login.js"></script>
</head>
<body>
	<div id="main">
		<div id="container">
			<div id="left_retainer"></div>
			<div id="col1">
				<img src="img/core/amnesia_logo.jpg" alt="Amnesia. Feel free to forget" width="187" height="184"/>
				<div id="login_status_locked">
					<strong>Amnesia is locked</strong><br/>Please sign-in
				</div>
			</div>
			
			<!-- Locked single column -->
			<div id="col_container_locked">
				<div id="status_locked">
					<div id="status_left"></div>
					<div id="status_right">
						<div id="amnesia_locked">Amnesia is locked and nobody is signed-in<img class="status_icn" src="img/core/lock_icon.png" alt="lock_icon" width="9" height="12"/></div>
						<div class="loading" style="display: none;"><span>Loading </span><img class="status_icn" src="img/core/loading.gif" alt="loading" width="14" height="14"/></div>
					</div>
				</div>
				<div id="login">
					<div id="login_contents">
						<p id="key_message">Please sign-in</p>
						<div id="login_error">
							<strong>Sorry!</strong><br/>The password you entered is incorrect.
						</div>
						<? displayLogin(); ?>
					</div>
				</div>
			</div>
			<div class="clear_top_pad"></div>
		</div>
	</div>
</body>
</html> 
<? 
      die();
   }

   /* Username and password correct, register session variables */
   $_POST['user'] = stripslashes($_POST['user']);
   $_SESSION['username'] = $_POST['user'];
   $_SESSION['password'] = $md5pass;

   /**
    * This is the cool part: the user has requested that we remember that
    * he's logged in, so we set two cookies. One to hold his username,
    * and one to hold his md5 encrypted password. We set them both to
    * expire in 100 days. Now, next time he comes to our site, we will
    * log him in automatically.
    */
   if(isset($_POST['remember'])){
      setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
      setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
   }

   /* Quick self-redirect to avoid resending data on refresh */
   echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
   return;
}

/* Sets the value of the logged_in variable, which can be used in your code */
$logged_in = checkLogin();
$user_name = $_SESSION['username'];

?>